apache-airflow-core (>=3.1.0 <=3.1.4rc2), apache-airflow-providers-common-compat (>=1.6.0 <=1.7.3rc1) +6 more potentially affected by CVE-2025-66388 via apache-airflow (>=3.1.0 <=3.1.4rc2)

apache-airflow PYPI version =3.1.0, =3.1.0, =1.6.0, =1.5.3, =1.26.0, =2.0.2, =0.4.0, =1.1.0, =1.1.4 Source cves: CVE-2025-66388 Source advisory: OSV:GHSA-FV47-PQH6-WXGQ...

EUVD-2025-203358

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...

PYSEC-2025-86

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...

CVE-2025-54941 Apache Airflow: Command injection in "example_dag_decorator"

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

CVE-2025-54941 Apache Airflow: Command injection in "example_dag_decorator"

An example dag exampledagdecorator had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production not default or the example dag code copied to build your own...

CVE-2025-62402 Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

EUVD-2020-0035

Malware in sbrugna...

EUVD-2020-0043

Malware in sbrugna...

EUVD-2023-0013

Malicious code in bioql PyPI...

EUVD-2023-0016

Malicious code in bioql PyPI...

EUVD-2024-0005

Malicious code in bioql PyPI...

EUVD-2023-2283

Malicious code in bioql PyPI...

EUVD-2024-1052

Malicious code in bioql PyPI...

EUVD-2023-2213

Malicious code in bioql PyPI...

EUVD-2023-0025

Malicious code in bioql PyPI...

EUVD-2023-0022

Malicious code in bioql PyPI...

EUVD-2023-0021

Malicious code in bioql PyPI...

EUVD-2024-1081

Malicious code in bioql PyPI...

EUVD-2023-0010

Malicious code in bioql PyPI...

EUVD-2023-0026

Malicious code in bioql PyPI...